When carriers go dark: A cyber survival guide for independent agencies 

June 21, 2025

The insurance industry just got a loud knock on the door. Carriers like Erie Insurance, Philadelphia Insurance Cos., and AFLAC are all reportedly grappling with the fallout from major cyberattacks—likely launched by the hacker group known as Scattered Spider. These events serve as a powerful reminder that even if your agency isn’t the one breached, you’re still in the blast radius. 

When systems go offline, clients don’t call the carriers—they call you. Here’s how to stay ahead of the next incident and protect your agency, your clients and your reputation. 

Build your agency’s cybermuscle—before the bad guys strike 

Cyberrisk doesn’t just live in the cloud—it hides in your inbox, your phone lines and your team’s daily routines. It’s important to know your threats. Scattered Spider is a cybercriminal group that specializes in social engineering: it impersonates IT help desks, spoofs phone numbers and talks employees into handing over login credentials and one-time MFA codes (or into having them reset). While this group may be the latest to target the insurance sector, it’s hardly the only threat. Agencies need to be ready to handle both known and unknown attacks. 

Think smarter 

Everyday tasks like updating an account or transferring funds can seem routine—until a hacker turns them into a high-stakes liability. Security isn’t just about software; it’s about systems and habits that make your agency harder to exploit: 

  • Always verify identity before making account changes. A convincing email or friendly voice isn’t enough. Call the client or carrier back on a number you already have on file (never a number supplied in the request itself), and use a prearranged PIN or security questions whose answers can’t be found on social media. 
  • Separate approval and execution for financial transactions. No one person should both authorize and complete payments. Even a simple two-person process can block a costly mistake. 
  • Turn on multifactor authentication everywhere. Especially for email. MFA blocks most attacks that rely on a stolen password alone. Keep in mind that groups like Scattered Spider specifically talk users and help desks into approving push prompts or reading out one-time codes, so train staff never to approve or share an MFA prompt they didn’t initiate, and prefer phishing-resistant methods (security keys or passkeys) where your systems support them. 
  • Limit system access based on job roles. Give staff members access only to the tools and data they need. Fewer privileges means less damage when an account is compromised. 
  • Use strong, unique passwords everywhere. A password manager makes this practical. Change a password promptly whenever you suspect it has been exposed. Forced rotation on a fixed schedule (every 60–90 days) tends to produce predictable variations and is no longer recommended by NIST, so put the effort into length, uniqueness and MFA instead. 

Practice makes prepared 

The first time your agency runs a cyber response drill shouldn’t be during a real breach. High-stakes situations lead to rushed decisions—and that’s when mistakes happen. Prepare your team now. 

Simulate a scenario in which one of your major carriers goes offline. Who handles client outreach? How do you process urgent coverage requests? What’s your plan for documentation? Running mock drills can help identify weak spots and clarify roles before a real incident occurs. 

E&O alert 

A carrier breach isn’t just a tech problem—it’s a moment of truth for your agency. Your actions—or inaction—can either protect you from liability or open the door to it. Here’s how to avoid common pitfalls: 

  • Don’t fill in the blanks—stick to what you know. In the absence of clear information, avoid speculating. It’s okay to say, “We don’t have an update yet, but here’s what we’re doing in the meantime.” 
  • Reassess your binding authority and backup options. Know which carriers you can bind with directly. If you’re unsure, contact your marketing representative. Be ready to pivot clients to another market if necessary—and explain why it’s a temporary solution. 
  • Control the narrative with proactive communication. Uncertainty breeds anxiety. Don’t wait for panicked phone calls—send short, honest updates to keep clients informed and confident. 
  • Create a “down carrier” log. Keep a temporary record (even a simple spreadsheet) tracking impacted clients, pending requests and any related communication, with dates and times. This can supplement your agency management system (AMS) and protect your agency later if questions arise. 
  • Be the voice of fraud prevention. After a breach, scammers often are close behind. Warn clients about phishing emails, fake portals and unusual payment requests. Encourage them to call you before acting on anything suspicious. 
  • Review your own insurance. Make sure your agency’s E&O and cyber liability policies are up to date—and that they cover third-party breaches that disrupt your operations or affect your clients. Don’t assume you’re covered. Check now and ask your carrier or broker if you’re unsure. 

Be ready, stay ready 

These recent breaches are a warning shot: cyberattacks are no longer a distant risk. By taking proactive steps, strengthening your security habits and reinforcing your E&O protections, your agency can stay resilient—no matter who gets hit next. 

Resources to help

PIA Northeast members can access the Privacy Compliance Central tool kit, which offers information on cyberattacks, cyber security regulations, and more privacy-related issues.

Bradford J. Lachut, Esq.
PIA Northeast

Bradford J. Lachut, Esq., joined PIA as government affairs counsel for the Government & Industry Affairs Department in 2012 and then, after a four-month leave, he returned to the association in 2018 as director of government & industry affairs, responsible for all legal, government relations and insurance industry liaison programs for the five state associations. Prior to PIA, Brad worked as an attorney for Steven J. Baum PC, in Amherst, and as an associate attorney for the law office of James Morris in Buffalo. He also spent time serving as senior manager of government affairs at the Buffalo Niagara Partnership, a chamber of commerce serving the Buffalo, N.Y., region, his hometown. He received his juris doctor from Buffalo Law School and his Bachelor of Science degree in Government and Politics from Utica College, Utica, N.Y. Brad is an active Mason and Shriner.